--On Friday, February 19, 2016 00:12 +0000 Stephen Farrell
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:
On 18/02/16 03:38, Viktor Dukhovni wrote:
The addrquery draft is not under discussion here, so perhaps I
should not even have said that much. Exploring additional
approaches seems reasonable.
Agreed. I think it might make sense to add a bit of text to all
the drafts in this space. Would something like the following be
useful to include in this and other similar drafts?
"This specification is one experiment in improving access to
public keys for end-to-end email security. There are a range
of ways in which this can reasonably be done, for OpenPGP or
...
Stephen,
I think such a paragraph would be a significant step forward. I
don't think it is a substitute for any of the drafts being clear
about known issues and security risks, including warnings (aka
"considerations") about the difference between obtaining a key
and authentication of the key vis-a-vis the supposed key owner.
I don't know whether you consider that separate from "...other
points made about this draft." or not.
john